Putting Out The Fire

Putting Out The Fire

An accounting firm maintained its client and internal documents on a network share. With no privilege restrictions in place, nearly all employees had access to these records.

A hacker managed to infiltrate the network after a firewall rule had been added incorrectly.

A member of the IT department grew suspicious when triggered event notifications by the firewall were sent to IT staff.

Impact

Without privilege restrictions in place, the hacker managed to quickly gain access to all the company’s important files and effectively had the “keys to the kingdom.”

With access to all the firm’s data, confidential client and company information could be exfiltrated at any time resulting in significant damages.

Resolution

TCDI’s incident response team was on site within the hour to begin the investigation and remediation.

They managed to contain the incident before data was removed.

A vulnerability scan and penetration test were performed to identify how the hacker gained access to the network in the first place. The test revealed several other unrelated vulnerabilities that could be exploited as well.

Working in conjunction with the accounting firm, TCDI helped remediate the vulnerabilities and validated their remediation efforts with a secondary scan.

Finally, TCDI assisted the firm with policy development and implementation to segment network access and put privilege restrictions and change controls in place.